Following criticism from security researchers for its slow response to serious vulnerabilities, Adobe committed on Wednesday to a quarterly patch schedule and to hardening its Adobe Reader and Acrobat products.

The software company has embarked on an effort to root out vulnerabilities in its code and improve the security of its software, Brad Arkin, director of product security and privacy for Adobe, stated in a post on the company's ASSET blog. The so-called Secure Product Lifecycle (SPLC) will bring together threat modeling, code reviews and automated attacks on the software, such as fuzzing, Arkin said. The company also plans to improve incident response, answering vulnerability reports more quickly and speeding patch testing and deployment.

The announcement comes after a major flaw, known as JBIG2, was found in February to affect Adobe's ubiquitous Reader software.

"The JBIG2 issue also sparked a lot of conversation internally at Adobe from executives to testers and developers," Arkin stated. "What started out as a routine incident response expanded to a broader effort by Adobe Reader and Acrobat engineers, culminating in permanent changes to our software security approach for those products."

Adobe's SPLC effort is modeled on Microsoft's Secure Development Lifecycle (SDL), which the software giant created as part of its Trustworthy Computing Initiative, kicked off by former CEO Bill Gates in January 2002. Adobe's secure software development process is not the only Microsoft practice that the company plans to copy. The company will also release its patches on the same day as Microsoft, Arkin said.

"Based on feedback from our customers, who have processes and resources geared toward Microsoft's 'Patch Tuesday' security updates, we will make Adobe's quarterly patches available on the same days," he said.